Author
23 Mar 2005 2:23 PM
WebGuyBob
Hello, folks.

I have set up literally dozens of IIS6 Web sites and just ran into subject
problem.  I read the following from Mr. Wang in a German IT forum:

"401.1 means that the username/password that you gave to IIS for
authentication was incorrect. If this happens when you have Anonymous access
enabled, it means that the username/password you configured in IIS for the
anonymous user is NOT the same as the NT user in the local SAM. Please
synchronize them and try again."

Being fairly new to systems administration, my question is...How do I
synchronize these accounts?

TIA,

Bob

Author
24 Mar 2005 2:50 AM
Bernard
For Local SAM - open Computer Management, Local Users and Groups, find the
IUSR_COMPUTER name account, right mouse on the account, and reset the
password.

Then go to IIS MMC, open the site property, Directory Security tab,
anonymous access, reselect the IUSR account, enter the password, click OK to
save.

Then go to a command prompt, enter 'iisreset.exe' to restart IIS services.

Then test browse your site.

Author
24 Mar 2005 5:03 AM
WebGuyBob
Bernard,

As soon as I get in tomorrow morning, I will give that a shot and respond.

Thanks,

Bob

"Bernard" wrote:

> For Local SAM - open computer management, local users and groups, find the
> IUSR_COMPUTER name account, right mouse on the account, and reset the
> password.
>
> Then go to IIS MMC, open the site property, directory security tab,
> anonymous access, reselect the iusr account, enter the password, click ok to
> save.
>
> then go to command prompt, enter 'iisreset.exe' to restart IIS services.
>
> then test browse your site.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
Author
24 Mar 2005 2:55 PM
WebGuyBob
Hi, Bernard.

Thanks for responding in this and the asp.net site's forum.  For the sake of
the users of this forum, I'll try to keep the thread alive here also.

I appreciate the input. I followed your instructions explicitly, but I'm
still getting the 401.1 error. Below my sig is the error in the Security
Event Log. Am I to the point where I should delete the IIS site or at least
the docroot folder and start over, reselecting the appropriate users and
perms? Is IWAM a factor here?

I'm really wondering if there might be something about the security policy
happening here. The reason I say that is because of the "Reason" indicated in
the error event:

"The user has not been granted the requested logon type at this machine"

Note: "logon type". Is that a clue?

TIA,

Bob

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 3/24/2005
Time: 8:18:05 PM
User: NT AUTHORITY\SYSTEM
Computer: USPLSWEBH104
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name: IUSR_USPLSWEBH104
Domain: USPLSWEBH104
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: USPLSWEBH104
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 1596
Transited Services: -
Source Network Address: -
Source Port: -


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Author
25 Mar 2005 1:48 AM
Bernard
Yes, in this case, the user has no right to log on to the machine. Check if
there's any local or domain policy which removes the user rights. You need
access from network, etc.; refer to this KB:
Default permissions and user rights for IIS 6.0
http://support.microsoft.com/?id=812614

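An added example, not part of the original thread: one way to do the policy check suggested above is to read the logon type from the Event 534 text, map it to the user right it requires, and look that right up in a user-rights export produced with `secedit /export /cfg`. The host name WEB01, both sample inputs and the group SIDs passed in are constructed assumptions.

```python
import re
# Logon type -> (allow right, deny right), named as in a secedit INF export.
LOGON_RIGHTS = {
    2: ("SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
    3: ("SeNetworkLogonRight", "SeDenyNetworkLogonRight"),
    4: ("SeBatchLogonRight", "SeDenyBatchLogonRight"),
    8: ("SeNetworkLogonRight", "SeDenyNetworkLogonRight"),  # NetworkCleartext
}
# Constructed sample inputs (hypothetical host WEB01, not from a real server).
EVENT_534 = """Event ID: 534
Reason: The user has not been granted the requested logon type at this machine
User Name: IUSR_WEB01
Logon Type: 8
"""
SECEDIT_INF = """[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeDenyNetworkLogonRight = SUPPORT_388945a0
SeBatchLogonRight = IUSR_WEB01,IWAM_WEB01
"""

def parse_event(text):
    # Pull the account and numeric logon type out of the event description.
    user = re.search(r"^\s*User Name:\s*(\S+)", text, re.M).group(1)
    ltype = int(re.search(r"^\s*Logon Type:\s*(\d+)", text, re.M).group(1))
    return user, ltype

def parse_rights(inf):
    # Map each right under [Privilege Rights] to a set of lower-cased members.
    rights, in_section = {}, False
    for line in inf.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, members = line.partition("=")
            rights[name.strip()] = {m.strip().lstrip("*").lower()
                                    for m in members.split(",") if m.strip()}
    return rights

def diagnose(event, inf, groups):  # groups: names/SIDs of the account's groups
    user, ltype = parse_event(event)
    allow, deny = LOGON_RIGHTS[ltype]
    rights = parse_rights(inf)
    who = {g.lower() for g in groups} | {user.lower()}
    if who & rights.get(deny, set()):       # a deny right overrides any grant
        return f"{user}: blocked by {deny}"
    if not who & rights.get(allow, set()):
        return f"{user}: not granted {allow}"
    return f"{user}: holds {allow}"
```

With the constructed export, `diagnose(EVENT_534, SECEDIT_INF, ["S-1-1-0", "S-1-5-32-545"])` reports that the account is not granted `SeNetworkLogonRight`, because neither the account nor Everyone or Users appears on that line. A real secedit export is typically UTF-16 encoded, so decode it accordingly before passing it in.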